In 2019, the FBI’s Internet Crime Complaint Center received an average of 1,300 complaints a day. These amounted to a total loss of $3.5 billion to individuals and business victims.
The primary cause? Phishing. And no, we don’t mean the kind that uses live bait and a rod.
Knowing how to identify phishing attacks is the key to preventing them. Read on for everything you need to know.
What Is Phishing?
Think of phishing as an attempt to get you to reveal your personal information. This can include — but is not limited to — your social security number, passwords, or account numbers.
Phishing is different from other cyber-attacks because of the level of deceit involved. Hackers can steal your information without you knowing it. On the other hand, phishers try to trick you into turning it over yourself.
And if they’re successful, they can gain access to your email and banking accounts — leaving you vulnerable to fraud or even identity theft.
Types of Phishing
Contrary to popular belief, phishing is nothing new. In fact, incidents were reported as early as the 1990s, and the official term was coined in 1996. Since then, phishing tactics have only evolved.
One of the easiest ways to identify phishing is to ask yourself where the attempt is coming from. Is the sender posing as a trusted entity, such as a real (or plausible) person or a company you would do business with?
Phishing most commonly occurs over email or text message. And the sender could look like one of the following:
- A bank
- A credit card company
- A social networking site
- An online payment website or app
- An online store
Often, phishing attempts will include suspicious links or attachments. The most sophisticated techniques will even use storytelling to tug at your empathy and encourage you to act quickly.
These ploys usually involve creating a sense of urgency or making claims or offers that are too good to be true.
Identifying Scam Emails
Don’t always trust your spam filter to weed out scam emails from your inbox.
As we mentioned, the most telltale signs of a scam email are suspicious links or attachments, outlandish claims, a sense of urgency, and elaborate storytelling.
But other hints can clue you into an email’s legitimacy, too.
For example, look for typos, generic greetings, or inconsistencies in branding. Not all phishing emails will look this careless. In fact, some will go so far as to mimic the exact formatting of legitimate emails.
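The best way to check an email’s legitimacy is to hover over the URL in the email without clicking on it. Secure websites always have a Secure Sockets Layer (SSL) certificate, which shows up as a URL that starts with “https.” Also compare the domain in that URL with the company’s real website address, because “https” on its own only tells you that the connection is encrypted.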
If the email looks like it’s from a company that you do business with, call the company directly using its verified phone number. The company will verify any issues with your account and any recent correspondence addressed to you.
Preventing Phishing Attacks
Effective cybersecurity starts with reliable antivirus software or cybersecurity services on both your computer and smartphone. But it’s not enough to simply install it; you also have to make sure you update it regularly.
To avoid missing an update, set your devices to “update automatically” so you don’t overlook any key security features.
Then, opt for two-factor authentication. If you’re not familiar with this, it requires two or more credentials to log into your account.
These credentials can either be something you have — like a passcode sent to your phone — or something you are, such as a scan of your fingerprint, retina, or face.
Many smartphones and computers nowadays include equipment to support these types of authentication.
Don’t forget to change your passwords regularly, either. Avoid using predictable ones, like:
- Names (including pets, partners, or children)
- Birthdays
- Sports, hobbies, or interests
- Profanities (yes, people can guess these)
- Sequences, like 12345678 or qwertyuiop
- The word “password” (or any variation of it)
The strongest passwords are unique to each account rather than reused across all of them. They also combine letters, numbers, and special characters.
Experts also recommend backing up your data at least once a week. Keep your data on a hard drive or cloud storage, so you have a copy of it in case it’s compromised.
Finally, remember not to click on any suspicious links or attachments — especially if you don’t recognize the sender.
What to Do if You’ve Fallen Victim to Phishing
Maybe the phishing attempt was just too convincing. Maybe you didn’t know any better. Regardless, if you fall victim to phishing, remember that you are not alone.
If you think a scammer has obtained sensitive personal information, the first thing you should do is visit the Federal Trade Commission’s identity theft website. This will walk you through what steps to take based on the information that was stolen.
If you suspect a phishing attempt, but you didn’t fall for it, there are two ways to report it.
You can forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. Phishing text messages can be forwarded to SPAM (7726).
You can also file phishing reports online at ftc.gov/complaint.
And if you suspect the attempt came from your area — like posing as a local business or community leader, for example — it couldn’t hurt to file a report with your police department. Remember to use the department’s non-emergency line for this.
Protect Your Internet Privacy Today
Phishing attacks aren’t always obvious to the naked eye. But taking the right preventative measures and exercising a healthy dose of skepticism can help ensure that you don’t fall victim to this elaborate scheme.